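def _set_ip(self, ip, version, network):
    """Assign ``ip`` to this jail in /etc/jail.conf and register it in /etc/hosts.

    Args:
        ip: Address to assign; it must be contained in ``network``.
        version: IP version number, used to build the ``ip<version>.addr``
            key of the jail block.
        network: Network the address has to belong to.

    Raises:
        ValueError: ``ip`` is not part of ``network``.
        IPAlreadyRegistered: a jail block returned by ``jail_conf.jails()``
            already carries ``ip`` under the same key.
    """
    if ip not in network:
        raise ValueError("Can't assign this ip to the jail. "
                         "The ip should belong to the network %s" % network)
    addr_key = 'ip%s.addr' % version
    wanted = str(ip)
    jail_conf = get_jail_conf()
    # Duplicate detection is a plain string comparison: an existing entry
    # written with a prefix length or a non-canonical IPv6 spelling would not
    # be recognised as the same address.
    for jail_name, jail_block in jail_conf.jails():
        try:
            ip_addr = jail_block[addr_key]
        except KeyError:
            continue
        if ip_addr == wanted:
            raise IPAlreadyRegistered
        elif isinstance(ip_addr, (list, tuple)):
            if wanted in ip_addr:
                raise IPAlreadyRegistered
    jail_conf[self.name]['interface'] = cloned_if()
    jail_conf[self.name][addr_key] = wanted
    jail_conf.write('/etc/jail.conf')
    self._update_resolv_conf()
    PFManager.refresh_anchor()
    line = '%s %s\n' % (wanted, self.name)
    # Read through a context manager so the descriptor is released right away
    # instead of whenever the file object happens to be collected.
    with open('/etc/hosts') as hosts_file:
        lines = hosts_file.readlines()
    if line not in lines:
        # A final line without a newline would otherwise be glued to the new
        # entry and silently corrupt both records.
        if lines and not lines[-1].endswith('\n'):
            lines[-1] += '\n'
        lines.append(line)
        temp_etc_hosts = to_tempfile(''.join(lines))
        # NOTE(review): shutil.move is an atomic rename only when the temp
        # file is on the same filesystem as /etc; also confirm that
        # to_tempfile() leaves a mode that keeps /etc/hosts world-readable.
        shutil.move(temp_etc_hosts, '/etc/hosts')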
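def delete(self):
    """Stop the jail, then remove its jail.conf block, hosts entries and files.

    The jail's ``ip4.addr`` / ``ip6.addr`` values (when present) are used to
    drop the matching ``"<ip> <name>"`` lines from /etc/hosts. The jail
    directory is removed after clearing the ``schg`` flag recursively, and
    the pf anchor is refreshed at the end.

    Raises:
        AssertionError: an address entry of the jail block is not a string.
            This fires after the jail has been stopped but before its
            configuration block and directory are removed.
    """
    cmd('service', 'jail', 'stop', self.name)
    jail_conf = get_jail_conf()
    try:
        jail_block = jail_conf[self.name]
    except KeyError:
        pass
    else:
        for version in (4, 6):
            try:
                ip = jail_block['ip%s.addr' % version]
            except KeyError:
                continue
            assert isinstance(ip, str)  # list of ips not yet supported by mjail
            line = '%s %s\n' % (ip, self.name)
            # Close /etc/hosts deterministically before it is replaced.
            with open('/etc/hosts') as hosts_file:
                lines = [l for l in hosts_file if l != line]
            temp_etc_hosts = to_tempfile(''.join(lines))
            # NOTE(review): confirm to_tempfile() yields a mode suitable for
            # /etc/hosts; shutil.move keeps the temp file's permissions.
            shutil.move(temp_etc_hosts, '/etc/hosts')
        del jail_conf[self.name]
        jail_conf.write('/etc/jail.conf')
    if os.path.exists(self.directory):
        # NOTE(review): self.directory is handed to `rm -rf`; confirm it is
        # always derived from a validated jail name.
        cmd('chflags', '-R', 'noschg', self.directory)
        cmd('rm', '-rf', self.directory)
    PFManager.refresh_anchor()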
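def enable(cls):
    """Hook mjail's anchors into pf.conf, check the result and load it.

    Existing lines that end with ``cls._comment`` are discarded, the
    remaining configuration is split by ``pf_conf_split`` and reassembled
    with the anchor lines added. The candidate file is passed to
    ``pfctl -vnf`` before it is renamed over pf.conf. pf is then reloaded
    if it is running; otherwise it is enabled in rc.conf and started.
    """
    #rc_conf_mod('gateway_enable=YES')
    #rc_conf_mod('net.inet.ip.forwarding=1')
    pf_conf_path = cls.pf_conf_path()
    try:
        # The context manager releases the descriptor before pf.conf is
        # replaced further down.
        with open(pf_conf_path) as pf_conf_file:
            pf_conf = [
                line.rstrip() for line in pf_conf_file
                if not line.endswith(cls._comment + "\n")
            ]
    except FileNotFoundError:
        pf_conf = []
    start, translation_rules, filter_rules = pf_conf_split(pf_conf)
    new_conf = (
        start
        + [cls._load_anchor, cls._insert_anchor_nat, cls._insert_anchor_rdr]
        + translation_rules
        + filter_rules
        + [cls._insert_anchor_filter]
    )
    new_conf = '\n'.join(new_conf)
    if not new_conf.endswith('\n'):  # required by the pf configuration parser
        new_conf += '\n'
    cmd('mkdir', '-p', os.path.dirname(cls._anchor_conf_file))
    if not os.path.exists(cls._anchor_conf_file):
        cls.overwrite_anchor_conf()
    temp_path = to_tempfile(new_conf, prefix=pf_conf_path)
    # checking the new conf before replacing the old conf with it
    # NOTE(review): this only protects pf.conf if cmd() raises on a non-zero
    # exit status - confirm; a failed check also leaves temp_path behind.
    cmd('pfctl', '-vnf', temp_path)
    os.rename(temp_path, pf_conf_path)
    if pf_is_running():
        cmd('pfctl', '-f', pf_conf_path)
    else:
        rc_conf_mod('pf_enable=YES')
        rc_conf_mod('pf_rules=%s' % pf_conf_path)
        cmd('service', 'pf', 'start')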
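def delete(self):
    """Stop the jail and erase its configuration, hosts entry and directory.

    When the jail block has an ``ip4.addr`` value, the ``"<ip4> <name>"``
    line is filtered out of /etc/hosts. The block is then deleted from
    /etc/jail.conf, the jail directory is removed (after clearing ``schg``
    recursively) and the pf anchor is refreshed.

    Raises:
        AssertionError: ``ip4.addr`` is not a string. The jail has already
            been stopped at that point, but nothing has been removed yet.
    """
    cmd('service', 'jail', 'stop', self.name)
    jail_conf = get_jail_conf()
    try:
        jail_block = jail_conf[self.name]
    except KeyError:
        pass
    else:
        try:
            ip4 = jail_block['ip4.addr']
        except KeyError:
            pass
        else:
            assert isinstance(ip4, str)  # list of ips not yet supported by mjail
            stale_entry = '%s %s\n' % (ip4, self.name)
            # Use a context manager: the bare open() never closed the handle.
            with open('/etc/hosts') as hosts_file:
                kept = [entry for entry in hosts_file if entry != stale_entry]
            temp_etc_hosts = to_tempfile(''.join(kept))
            # NOTE(review): the replacement inherits whatever mode and owner
            # to_tempfile() gave the temp file - confirm they suit /etc/hosts.
            shutil.move(temp_etc_hosts, '/etc/hosts')
        del jail_conf[self.name]
        jail_conf.write('/etc/jail.conf')
    if os.path.exists(self.directory):
        # NOTE(review): recursive removal as the calling user; verify that
        # self.directory cannot resolve outside the jails' parent directory.
        cmd('chflags', '-R', 'noschg', self.directory)
        cmd('rm', '-rf', self.directory)
    PFManager.refresh_anchor()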
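def set_ip4(self, ip4):
    """Give this jail the IPv4 address ``ip4`` and add it to /etc/hosts.

    Args:
        ip4: An ``IPv4Address`` instance.

    Raises:
        AssertionError: ``ip4`` is not an ``IPv4Address``.
        IPAlreadyRegistered: a jail block returned by ``jail_conf.jails()``
            already lists this address under ``ip4.addr``.
    """
    # NOTE: assert statements are stripped when Python runs with -O, so this
    # type check is not enforced in optimised mode.
    assert isinstance(ip4, IPv4Address)
    wanted = str(ip4)
    jail_conf = get_jail_conf()
    for jail_name, jail_block in jail_conf.jails():
        try:
            ip4_addr = jail_block['ip4.addr']
        except KeyError:
            continue
        # Textual comparison: an entry stored with a prefix length
        # would not be detected as a duplicate.
        if ip4_addr == wanted:
            raise IPAlreadyRegistered
        elif isinstance(ip4_addr, (list, tuple)):
            if wanted in ip4_addr:
                raise IPAlreadyRegistered
    jail_conf[self.name]['interface'] = cloned_if()
    jail_conf[self.name]['ip4.addr'] = wanted
    jail_conf.write('/etc/jail.conf')
    PFManager.refresh_anchor()
    line = '%s %s\n' % (wanted, self.name)
    # Close the handle explicitly instead of leaking it until collection.
    with open('/etc/hosts') as hosts_file:
        lines = hosts_file.readlines()
    if line not in lines:
        # Terminate an unterminated last line so the new entry starts on a
        # line of its own.
        if lines and not lines[-1].endswith('\n'):
            lines[-1] += '\n'
        lines.append(line)
        temp_etc_hosts = to_tempfile(''.join(lines))
        # NOTE(review): confirm the mode to_tempfile() sets; shutil.move
        # carries it over to /etc/hosts.
        shutil.move(temp_etc_hosts, '/etc/hosts')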
def enable(cls):
    """Write the generated configuration file and run local-unbound-setup.

    The text returned by ``cls._conf()`` is staged with ``to_tempfile`` and
    renamed onto ``cls._conf_file``; ``local-unbound-setup -C`` is then run
    on ``cls._conf_dir``.
    """
    cmd('mkdir', '-p', cls._conf_dir)
    # NOTE(review): presumably prefix= places the staged file beside the
    # target so the rename stays on one filesystem - confirm in to_tempfile.
    os.rename(
        to_tempfile(cls._conf(), prefix=cls._conf_file),
        cls._conf_file,
    )
    cmd('local-unbound-setup', '-C', cls._conf_dir)
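def disable(cls):
    """Strip mjail-tagged lines from pf.conf and reload pf if it is running.

    Lines ending with ``cls._comment`` are dropped, the remaining text is
    checked with ``pfctl -vnf`` and renamed over pf.conf. Nothing is done
    when pf.conf does not exist.
    """
    pf_conf_path = cls.pf_conf_path()
    try:
        # Context manager: the bare open() left the descriptor unclosed.
        with open(pf_conf_path) as pf_conf_file:
            pf_conf = [
                line for line in pf_conf_file
                if not line.endswith(cls._comment + "\n")
            ]
    except FileNotFoundError:
        return
    new_conf = ''.join(pf_conf)
    if not new_conf.endswith('\n'):
        new_conf += '\n'
    temp_path = to_tempfile(new_conf, prefix=pf_conf_path)
    # NOTE(review): the check only guards pf.conf if cmd() raises on a
    # non-zero exit status - confirm.
    cmd('pfctl', '-vnf', temp_path)
    os.rename(temp_path, pf_conf_path)
    if pf_is_running():
        # Fixed: the arguments were written as 'pfctl' '-f' (no comma), which
        # Python concatenates into the single word 'pfctl-f', so pfctl was
        # not the command being invoked and the running firewall was not
        # reloaded with the cleaned ruleset.
        cmd('pfctl', '-f', pf_conf_path)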
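def minor_upgrade(self, to_version, unattended=False):
    """Upgrade the jail to another release of the same major version.

    A copy of /etc/freebsd-update.conf with the word ``kernel`` removed from
    its ``Components`` line is passed to freebsd-update through ``-f`` and
    deleted afterwards. On success the new release is recorded in the jail
    block under ``$mjail_currently_running_release``.

    Args:
        to_version: Target release string; the text before its first ``.``
            is compared with that of the recorded running release.
        unattended: When true, ``PAGER`` is set to ``cat`` in the
            environment given to freebsd-update.

    Raises:
        Exception: the major parts of the two release strings differ.
    """
    # this function would need to be tested
    # Read the stock configuration inside a context manager so the handle is
    # closed as soon as the filtered copy has been built.
    with open('/etc/freebsd-update.conf') as stock_conf:
        filtered_conf = ''.join(
            (re.sub(r'(?<=\b)kernel(?=\b)', '', line)
             if re.match(r'^Components\s', line) else line)
            for line in stock_conf
        )
    freebsd_update_conf = to_tempfile(filtered_conf)
    try:
        jail_conf = get_jail_conf()
        currently_running = jail_conf[
            self.name]['$mjail_currently_running_release']
        to_version_major = to_version.split('.')[0]
        running_major = currently_running.split('.')[0]
        if to_version_major != running_major:
            raise Exception(
                "Can't upgrade from %s to %s. Only minor version upgrade is supported at the moment."
                % (running_major, to_version_major))
        env = os.environ.copy()
        if unattended:
            env['PAGER'] = 'cat'
        cmd('freebsd-update', '-b', self.directory, '-f',
            freebsd_update_conf, '-r', to_version, 'upgrade', 'install',
            '--currently-running', currently_running, env=env)
        for _ in range(2):
            cmd('freebsd-update', '-b', self.directory, '-f',
                freebsd_update_conf, 'install', env=env)
        # NOTE(review): the release is recorded only if every cmd() call
        # above raised on failure - confirm cmd() checks exit status.
        jail_conf[
            self.name]['$mjail_currently_running_release'] = to_version
        jail_conf.write('/etc/jail.conf')
    finally:
        os.remove(freebsd_update_conf)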
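def disable(cls):
    """Remove mjail's lines from pf.conf, validate the result and reload pf.

    Every line of pf.conf that ends with ``cls._comment`` is dropped. The
    cleaned text is staged in a temp file, passed to ``pfctl -vnf`` and then
    renamed over pf.conf. A missing pf.conf makes this a no-op.
    """
    pf_conf_path = cls.pf_conf_path()
    marker = cls._comment + "\n"
    try:
        # Close pf.conf deterministically before it is replaced.
        with open(pf_conf_path) as current:
            kept_lines = [row for row in current if not row.endswith(marker)]
    except FileNotFoundError:
        pass
    else:
        new_conf = ''.join(kept_lines)
        if not new_conf.endswith('\n'):
            new_conf += '\n'
        temp_path = to_tempfile(new_conf, prefix=pf_conf_path)
        # NOTE(review): assumes cmd() raises when pfctl rejects the file;
        # otherwise an invalid ruleset would still be renamed into place.
        cmd('pfctl', '-vnf', temp_path)
        os.rename(temp_path, pf_conf_path)
        if pf_is_running():
            # Bug fix: 'pfctl' '-f' lacked the separating comma and was
            # concatenated into 'pfctl-f', so the reload command passed to
            # cmd() was not pfctl at all. This now matches the reload call
            # used when enabling.
            cmd('pfctl', '-f', pf_conf_path)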
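def enable(cls):
    """Rebuild pf.conf with mjail's anchor lines and bring pf up with it.

    Steps, in order: drop lines already tagged with ``cls._comment``, split
    the rest with ``pf_conf_split``, insert the load/nat/rdr anchors before
    the translation rules and the filter anchor after the filter rules,
    make sure the anchor file exists, check the candidate with
    ``pfctl -vnf`` and rename it over pf.conf. pf is reloaded when running,
    otherwise enabled through rc.conf and started.
    """
    #rc_conf_mod('gateway_enable=YES')
    #rc_conf_mod('net.inet.ip.forwarding=1')
    pf_conf_path = cls.pf_conf_path()
    marker = cls._comment + "\n"
    try:
        # Read under a context manager; the original left the file open.
        with open(pf_conf_path) as current:
            pf_conf = [row.rstrip() for row in current
                       if not row.endswith(marker)]
    except FileNotFoundError:
        pf_conf = []
    start, translation_rules, filter_rules = pf_conf_split(pf_conf)
    translation_anchors = [
        cls._load_anchor,
        cls._insert_anchor_nat,
        cls._insert_anchor_rdr,
    ]
    new_conf = '\n'.join(
        start
        + translation_anchors
        + translation_rules
        + filter_rules
        + [cls._insert_anchor_filter]
    )
    if not new_conf.endswith('\n'):  # required by the pf configuration parser
        new_conf += '\n'
    cmd('mkdir', '-p', os.path.dirname(cls._anchor_conf_file))
    if not os.path.exists(cls._anchor_conf_file):
        cls.overwrite_anchor_conf()
    temp_path = to_tempfile(new_conf, prefix=pf_conf_path)
    # checking the new conf before replacing the old conf with it
    # NOTE(review): presumably cmd() raises if pfctl rejects the file, which
    # is what keeps a broken ruleset out of pf.conf - confirm.
    cmd('pfctl', '-vnf', temp_path)
    os.rename(temp_path, pf_conf_path)
    if pf_is_running():
        cmd('pfctl', '-f', pf_conf_path)
    else:
        rc_conf_mod('pf_enable=YES')
        rc_conf_mod('pf_rules=%s' % pf_conf_path)
        cmd('service', 'pf', 'start')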
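def minor_upgrade(self, to_version, unattended=False):
    """Run freebsd-update on the jail for a release within the same major.

    The host's /etc/freebsd-update.conf is copied to a temp file with
    ``kernel`` removed from the ``Components`` line; that copy is given to
    every freebsd-update call via ``-f`` and removed in all cases.

    Args:
        to_version: Release to upgrade to. Only the part before the first
            ``.`` is compared with the recorded running release.
        unattended: Set ``PAGER=cat`` for the freebsd-update processes.

    Raises:
        Exception: the target and running releases differ in their major
            part.
    """
    # this function would need to be tested
    def _without_kernel(conf_line):
        # Only the Components line is edited; other lines pass through.
        if re.match(r'^Components\s', conf_line):
            return re.sub(r'(?<=\b)kernel(?=\b)', '', conf_line)
        return conf_line

    # The context manager closes the file the original left open.
    with open('/etc/freebsd-update.conf') as host_conf:
        jail_update_conf = ''.join(_without_kernel(row) for row in host_conf)
    freebsd_update_conf = to_tempfile(jail_update_conf)
    try:
        jail_conf = get_jail_conf()
        currently_running = jail_conf[self.name]['$mjail_currently_running_release']
        to_version_major = to_version.split('.')[0]
        running_major = currently_running.split('.')[0]
        if to_version_major != running_major:
            raise Exception(
                "Can't upgrade from %s to %s. Only minor version upgrade is supported at the moment." % (
                    running_major, to_version_major
                )
            )
        env = os.environ.copy()
        if unattended:
            env['PAGER'] = 'cat'
        cmd('freebsd-update',
            '-b', self.directory,
            '-f', freebsd_update_conf,
            '-r', to_version,
            'upgrade', 'install',
            '--currently-running', currently_running,
            env=env)
        for _ in range(2):
            cmd('freebsd-update',
                '-b', self.directory,
                '-f', freebsd_update_conf,
                'install',
                env=env)
        # NOTE(review): recording the new release assumes cmd() raised on
        # any failed freebsd-update step - confirm.
        jail_conf[self.name]['$mjail_currently_running_release'] = to_version
        jail_conf.write('/etc/jail.conf')
    finally:
        os.remove(freebsd_update_conf)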
def overwrite(self):
    """Replace the file at ``self._path`` with ``str(self)``.

    The new content is first written by ``to_tempfile`` and then renamed
    onto the target path.
    """
    # NOTE(review): presumably prefix= keeps the staged file in the target's
    # directory, which is what makes the rename a same-filesystem swap.
    os.rename(to_tempfile(str(self), prefix=self._path), self._path)
def overwrite_anchor_conf(cls):
    """Regenerate the anchor file from ``cls._anchor_conf()``.

    The generated text is staged with ``to_tempfile``, passed to
    ``pfctl -vnf`` and then renamed onto ``cls._anchor_conf_file``.
    """
    staged = to_tempfile(cls._anchor_conf(), prefix=cls._anchor_conf_file)
    # NOTE(review): the check protects the anchor file only if cmd() raises
    # on a non-zero exit status - confirm.
    cmd('pfctl', '-vnf', staged)
    os.rename(staged, cls._anchor_conf_file)
def enable(cls):
    """Install the configuration from ``cls._conf()`` and set up local-unbound.

    Creates ``cls._conf_dir`` with ``mkdir -p``, replaces
    ``cls._conf_file`` by renaming a staged temp file over it, then runs
    ``local-unbound-setup -C`` on the directory.
    """
    cmd('mkdir', '-p', cls._conf_dir)
    staged_conf = to_tempfile(
        cls._conf(),
        prefix=cls._conf_file,
    )
    # Rename rather than write in place, so the target is swapped in one step.
    os.rename(staged_conf, cls._conf_file)
    cmd('local-unbound-setup', '-C', cls._conf_dir)
def overwrite_anchor_conf(cls):
    """Write a fresh anchor configuration after checking it with pfctl.

    ``cls._anchor_conf()`` supplies the text. It goes to a temp file that
    ``pfctl -vnf`` is run on, and only afterwards is the temp file renamed
    onto ``cls._anchor_conf_file``.
    """
    anchor_text = cls._anchor_conf()
    candidate_path = to_tempfile(anchor_text, prefix=cls._anchor_conf_file)
    # NOTE(review): assumes cmd() raises when pfctl rejects the candidate;
    # if it does not, the rename below installs an unchecked file.
    cmd('pfctl', '-vnf', candidate_path)
    os.rename(candidate_path, cls._anchor_conf_file)
def overwrite(self):
    """Persist ``str(self)`` to ``self._path`` through a temp file and rename."""
    rendered = str(self)
    staged_path = to_tempfile(rendered, prefix=self._path)
    # NOTE(review): the resulting file keeps the mode to_tempfile() chose;
    # confirm that matches what readers of self._path need.
    os.rename(staged_path, self._path)